Dark Reading is part of the Informa Tech Division of Informa PLC


Larry Loeb

Content posted in March 2018
VPNs Are Still Leaking Your Personal Information
Larry Loeb  |  3/30/2018  | 
While VPNs are supposed to allow for safe, anonymous browsing, it turns out that STUN servers on the backend can still leak personal information and your whereabouts. Here's how to minimize that.
Researcher Finds etcd Servers Leak Passwords Like a Sieve
Larry Loeb  |  3/28/2018  | 
Security researchers find that etcd servers, an essential part of Kubernetes, as well as other database systems, have been leaking passwords for a long time.
Cybercriminals Using Kubernetes, Docker to Bitcoin Mine
Larry Loeb  |  3/26/2018  | 
Supposedly safe and secure Docker containers and the Kubernetes orchestration system can actually be manipulated to mine Bitcoin and other cryptocurrencies, researchers have found.
In Facebook Debacle, More Than Zuckerberg to Blame
Larry Loeb  |  3/23/2018  | 
Facebook and CEO Mark Zuckerberg are rightly taking a lot of heat from the fallout over Cambridge Analytica and the firm's use of social media data. However, other businesses, as well as users, need to take some responsibility as well.
Crypto Crumple: A New Method of Balancing Privacy & Security
Larry Loeb  |  3/22/2018  | 
In a new paper released this week, two professors describe what they call the "crypto crumple zone," which looks to balance encryption and privacy with government's ability to investigate possible crimes.
Oil & Gas Industry Face Significant Cybersecurity Threat Study
Larry Loeb  |  3/21/2018  | 
A Ponemon survey finds a growing concern among cybersecurity professionals who work in the world's oil and gas industries.
Fancy Bear Linked to DealersChoice Attacks in Europe
Larry Loeb  |  3/19/2018  | 
Researchers at Palo Alto Networks believe the Russia-linked Fancy Bear group is behind a new exploit called DealersChoice that is targeting European governments and agencies.
Government Workers Believe Security Is Someone Else's Job
Larry Loeb  |  3/16/2018  | 
A study from Dtex Systems finds a growing disconnect between government employees and the organizations that they work for over who is ultimately responsible for maintaining good security practices.
AMD Chips Have Their Own Massive Hardware Security Flaws
Larry Loeb  |  3/14/2018  | 
CTS-Labs issued a report this week that detailed 13 different vulnerabilities in AMD's Ryzen and EPYC processors that are as dangerous as the Spectre and Meltdown flaws that Intel has been trying to fix.
DHS Has Some Serious Security Failures, Report Finds
Larry Loeb  |  3/12/2018  | 
From running outdated versions of Windows, to not having effective backup, the US Department of Homeland Security has some serious security failings, according to a new report.
Increased IoT Use Causing Added Enterprise Security Concerns Report
Larry Loeb  |  3/9/2018  | 
A new study from Trustwave finds that 60% of enterprises are using IoT devices, but that these connected sensors have caused at least one security issue.
LTE Protocol Vulnerabilities Could Lead to ID Theft, Call Spoofing
Larry Loeb  |  3/7/2018  | 
Researchers at Purdue and the University of Iowa find that LTE networks have some serious protocol flaws that could lead to a host of issues, including identity theft, call spoofing and the spread of false emergency reports.
Intel's SGX Vulnerable to Spectre-Like Flaw
Larry Loeb  |  3/5/2018  | 
Intel's SGX technology, which is used by several large cloud providers, is subject to its own Spectre-like vulnerability. However, this flaw seems much easier to fix.
Memcache Servers Being Used to Launch Massive DDoS Attacks
Larry Loeb  |  3/1/2018  | 
Several reports over the last few days are finding that someone is using Memcache servers to launch massive DDoS attacks.

